[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[VOTES] 19 High Priority Candidates - Need 1 More Vote

All,

Below is the first in a regular series of prioritized lists which will
identify candidates that are (a) high priority and (b) are close to
being ACCEPTed.

The following active candidates have all been acknowledged by the
software vendor.  They need just 1 more ACCEPT vote.  If you have a
chance to vote on these, please send your votes to me.

Thanks,
- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate.  They may
be used by the moderator to determine whether or not a candidate is
added to CVE.  Where there is disagreement, the moderator must resolve
the issue and achieve consensus, or make the final decision if
consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)

IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.

INFERRED ACTION: CAN-2000-0024 MOREVOTES-1 (1 accept, 1 ack, 1 review)

Current Votes:
   MODIFY(1) Stracener
   REVIEWING(1) Armstrong

Comments:
 Stracener> Add Ref: MSKB:Q246401


VOTE:

=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to
read arbitrary files or execute commands.

INFERRED ACTION: CAN-2000-0044 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:warftp-macro-access-files


VOTE:

=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full

The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.

INFERRED ACTION: CAN-2000-0050 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-webtop-access


VOTE:

=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full

The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.

INFERRED ACTION: CAN-2000-0051 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-spectra-config-dos


VOTE:

=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/RHSA2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913

Red Hat userhelper program in the usermode package allows local users
to gain root access via PAM and a .. (dot dot) attack.

Modifications:
  ADDREF XF:linux-pam-userhelper

INFERRED ACTION: CAN-2000-0052 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-pam-userhelper


VOTE:

=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917

Cold Fusion CFCACHE tag places temporary cache files within the web
document root, allowing remote attackers to obtain sensitive system
information.

INFERRED ACTION: CAN-2000-0057 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:coldfusion-cfcache


VOTE:

=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net

The DTML implementation in the Z Object Publishing Environment (Zope)
allows remote attackers to conduct unauthorized activities.

INFERRED ACTION: CAN-2000-0062 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:zope-dtml


VOTE:

=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port

NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."

Modifications:
  ADDREF XF:nt-spoofed-lpc-port

INFERRED ACTION: CAN-2000-0070 MOREVOTES-1 (1 accept, 3 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:nt-spoofed-lpc-port


VOTE:

=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows
attackers to cause a denial of service via a malformed control word.

Modifications:
  ADDREF XF:win-malformed-rtf-control-word

INFERRED ACTION: CAN-2000-0073 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:win-malformed-rtf-control-word


VOTE:

=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031

HP asecure creates the Audio Security File audio.sec with insecure
permissions, which allows local users to cause a denial of service or
gain additional privileges.

INFERRED ACTION: CAN-2000-0083 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:hp-audio-security-perms


VOTE:

=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision:
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in vchkpw/vpopmail POP authentication package allows
remote attackers to gain root privileges via a long username or
password.

Modifications:
  ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
  ADDREF MISC:http://www.inter7.com/vpopmail/

INFERRED ACTION: CAN-2000-0091 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for
determining the optimum MTU generates large amounts of traffic in
response to small packets, allowing remote attackers to cause the
system to be used as a packet amplifier.

INFERRED ACTION: CAN-2000-0095 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2

Buffer overflow in UnixWare ppptalk command allows local users to gain
privileges via a long prompt argument.

INFERRED ACTION: CAN-2000-0099 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958

Linux apcd program allows local attackers to modify arbitrary files
via a symlink attack.

INFERRED ACTION: CAN-2000-0107 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960

The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.

INFERRED ACTION: CAN-2000-0112 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of
service via long MKD and CWD commands.

INFERRED ACTION: CAN-2000-0131 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall


VOTE:

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a
trusted system, which can set the password field to a blank and allow
an attacker to gain privileges.

INFERRED ACTION: CAN-2000-0159 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc


VOTE:

=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net

The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.

INFERRED ACTION: CAN-2000-0165 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc


VOTE:

=================================
Candidate: CAN-2000-0173
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: SCO:SB-00.08a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.08a

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote
attackers to cause a denial of service.

INFERRED ACTION: CAN-2000-0173 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   NOOP(3) Wall, LeBlanc, Ozancin


VOTE:
Page Last Updated or Reviewed: May 22, 2007